[Openstack-security] Enabling SSL/HTTPS for REST API
Bryan D. Payne
bdpayne at acm.org
Thu Nov 14 06:00:04 UTC 2013
Hassan,
In a production setting, the preferred way to do this is with an SSL
terminator. There are some details in the OpenStack Security Guide:
http://docs.openstack.org/security-guide/content/ch020_ssl-everywhere.html
Cheers,
-bryan
On Wed, Nov 13, 2013 at 5:59 PM, Hassan Shaik <hshaik at gmail.com> wrote:
> Hello Openstack security experts,
>
> I am trying to enable SSL/HTTPS in openstack REST API for all services
> (nova/glance endpoint URL). However, I see the documentation to enable SSL
> on keystone service alone.
>
>
> http://docs.openstack.org/grizzly/openstack-compute/admin/content//keystone-ssl.html
> http://docs.openstack.org/developer/keystone/configuration.html
>
> 1. Am I missing something? Is SSL/HTTPS supported for nova/glance API too?
> 2. Also, when I try to enable SSL in keystone service, all nova/glance CLI
> fail to work after the change. And, the debug shows it is trying to make
> use of http even after enabling SSL.
>
> # nova --debug list
>
> REQ: curl -i *http*://openstack-ip:5000/v2.0/tokens -X POST -H
> "Content-Type: application/json" -H "Accept: application/json" -H
> "User-Agent: python-novaclient" -d '{"auth": {"tenantName": "admin",
> "passwordCredentials": {"username": "admin", "password": "admin_pass"}}}'
>
> Appreciate your help.
>
> Thanks,
> Hassan
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-security/attachments/20131113/33185e56/attachment.html>
More information about the Openstack-security
mailing list